Vulnerabilities > Nagios > Nagios XI > 5.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28900 | Insufficient Verification of Data Authenticity vulnerability in Nagios Fusion and Nagios XI Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | 9.8 |
| 2021-05-24 | CVE-2020-28906 | Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. | 8.8 |
| 2021-05-24 | CVE-2020-28910 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | 9.8 |
| 2021-02-15 | CVE-2021-25298 | Unspecified vulnerability in Nagios XI Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25297 | Unspecified vulnerability in Nagios XI Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25296 | Unspecified vulnerability in Nagios XI Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-01-13 | CVE-2020-35578 | OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. | 7.2 |
| 2020-11-16 | CVE-2020-27991 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 5.4 |
| 2020-11-16 | CVE-2020-27990 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | 5.4 |
| 2020-11-16 | CVE-2020-27989 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | 5.4 |